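Verifying password_hash() in a PDO prepared statement
I'm trying to hash passwords with the bcrypt algorithm, but I've run into some problems. First, I can't find the right place to check whether password_verify() returns true.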
    $admin = $_POST['admin-user'];
    $pass = $_POST['admin-pass'];
    $password_hash = password_hash($pass, PASSWORD_BCRYPT);
    if (isset($admin)&&isset($pass)&&!empty($admin)&&!empty($pass)) {
        $admin_select = $link->prepare("SELECT `id` FROM `admins` WHERE `username` = :admin");
        $admin_passwd = $link->prepare("SELECT `password` FROM `admins` WHERE `username` = :admin_pw");
        $admin_passwd->execute(array(':admin_pw' => $admin));
        $admin_pwd = $admin_passwd->fetch(PDO::FETCH_ASSOC);
        if (password_verify($pass, $admin_pwd)){
            if ($admin_select->execute(array(':admin' => $admin))) {
                $res = $link->query('SELECT COUNT(*) FROM requests');
                $query_num_rowz = $res->fetchColumn();
                if ($query_num_rowz == 0) {
                    echo 'No records found';
                } else if ($query_num_rowz > 0) {
                    $query = $link->prepare("SELECT id FROM admins WHERE username = :admin");
                    $query->execute(array(':admin' => $admin));
                    $admin_id = $query->fetch(PDO::FETCH_ASSOC);
                    $_SESSION['admin_id'] = $admin_id;
                    header('Location: index.php');
                }
            }
        }
    }
Second, I'm not sure this is the correct way to select the user's password.
    $admin_passwd = $link->prepare("SELECT `password` FROM `admins` WHERE `username` = :admin_pw");
    $admin_passwd->execute(array(':admin_pw' => $admin));
    $admin_pwd = $admin_passwd->fetch(PDO::FETCH_ASSOC);
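+1. Would it be a good idea if I made a class for this? That is, a class with two methods, one for user info and the other for admins? – schmitsz 2015-03-13 14:44:13
@schmitsz If it would benefit you to use a class then do so; you may need to reuse some methods, so I think that would be good – Ghost 2015-03-13 14:46:52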